Social Network Security Policies Lacking

Symantec survey finds half of social networking at work is for business purposes, but many organizations don't have appropriate security policies or enforcement.

While one-third of employees never access social networking sites from work, an equal number access them once or twice per day, 16% access them up to five times per day, and 2% hit them more than 20 times in a single work day. That's according to a new survey of 336 IT professionals conducted earlier this month by Symantec.

But respondents said that on average, 53% of the time they spent on social networking sites at work was indeed for work purposes.

How do businesses approach access to social networking sites, such as Facebook and Twitter, from work? According to the survey, only 5% of organizations block such sites outright. One-third don't block but do have policies stating that social networks can only be used for business purposes. Meanwhile, 42% of organizations have no policy or blocking whatsoever.

What's the right approach? Having no policy, or an inappropriate policy, could result in lost productivity or poor customer service on the one hand, and security threats on the other. From a security standpoint, for starters, consider the increasing prevalence of clickjacking attacks, as well as the plethora of worms, social engineering, spam, and phishing attacks gunning for users' personal information or sensitive business details via social networks. Many organizations also worry about employees disclosing confidential information by accident or on purpose.

According to Symantec, companies can address many of the perceived threats of social media by developing social networking security policies and guidance for employees. Crucial to creating an effective policy, however, is then having the ability to monitor and enforce the policy, as well as a process for regularly updating it to keep it relevant.

But when it comes to regulating the enterprise use of social media, tread carefully. Researchers are finding that having access to at least some social networking tools is often beneficial, even for productivity purposes.

That's one finding from a recently released report from Forrester Research, "Use Social Computing To Boost IT Productivity." The study draws on an online Forrester survey of 303 workers in North America and Europe who use social media, conducted in January 2010.

In particular, Forrester found that 70% of IT personnel viewed Web 2.0 and social media as having a beneficial impact on their organization's productivity. In addition, four out of five respondents said social media had a positive impact on organizational innovation, and 78% believed it helped the organization provide better customer service.